Safe parsing of HEIF framecount information Bug: 215002587 Test: POC described in bug Change-Id: I92f8fdfe860cb360fb0ae099db3c92776ba7390f

commit: e89e632f9aa04e15291ee096b3152b40474a993d [log] [tgz]
author: Ray Essick <essick@google.com> Wed Feb 02 13:33:50 2022 -0800
committer: Ray Essick <essick@google.com> Wed Feb 02 13:58:29 2022 -0800
tree: 6d82ca7c8fc795b452709c85f214effde1eb0f18
parent: ef519d746cd8b034f67434ac895d17cf4a816114 [diff] [blame]
diff --git a/media/libheif/HeifDecoderImpl.cpp b/media/libheif/HeifDecoderImpl.cpp
index b28ae70..041b427 100644
--- a/media/libheif/HeifDecoderImpl.cpp
+++ b/media/libheif/HeifDecoderImpl.cpp

@@ -26,6 +26,7 @@
 #include <binder/IMemory.h>
 #include <binder/MemoryDealer.h>
 #include <drm/drm_framework_common.h>
+#include <log/log.h>
 #include <media/mediametadataretriever.h>
 #include <media/stagefright/MediaSource.h>
 #include <media/stagefright/foundation/ADebug.h>
@@ -422,7 +423,13 @@
 
         initFrameInfo(&mSequenceInfo, videoFrame);
 
-        mSequenceLength = atoi(mRetriever->extractMetadata(METADATA_KEY_VIDEO_FRAME_COUNT));
+        const char* frameCount = mRetriever->extractMetadata(METADATA_KEY_VIDEO_FRAME_COUNT);
+        if (frameCount == nullptr) {
+            android_errorWriteWithInfoLog(0x534e4554, "215002587", -1, NULL, 0);
+            ALOGD("No valid sequence information in metadata");
+            return false;
+        }
+        mSequenceLength = atoi(frameCount);
 
         if (defaultInfo == nullptr) {
             defaultInfo = &mSequenceInfo;
commit	e89e632f9aa04e15291ee096b3152b40474a993d	[log] [tgz]
author	Ray Essick <essick@google.com>	Wed Feb 02 13:33:50 2022 -0800
committer	Ray Essick <essick@google.com>	Wed Feb 02 13:58:29 2022 -0800
tree	6d82ca7c8fc795b452709c85f214effde1eb0f18
parent	ef519d746cd8b034f67434ac895d17cf4a816114 [diff] [blame]